An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DoS) via a crafted MP4 file.
[
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "applications/mp4box/main.c"
},
"id": "CVE-2024-57184-2afa7499",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"215271800634921823914992885678562486548",
"91704152373076633441726477168450822933",
"127975381763507671810302185192248256400",
"317463472625133151002432441653892377813",
"238494476529090314200448814672137605735",
"190437262437474021258278374935288872373",
"47041910215715421546396597527128316892",
"197008897461239487184549638065466810830",
"313806358128631219399359623752176024806",
"229575560135653573569764680330539429243",
"142515023052471893214721043216429990728",
"197008897461239487184549638065466810830",
"165219773958522982149325378183116107286",
"297678289269673202192143842985296264974",
"26453523544578143065306647949815387770",
"26686198762745249688243879800254485725",
"168462884946522520626609744835262128233"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/mpegts.c",
"function": "gf_m2ts_get_section_length"
},
"id": "CVE-2024-57184-2f855a30",
"signature_type": "Function",
"digest": {
"function_hash": "103628160776870297304187077697921558438",
"length": 257.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/mpegts.c",
"function": "gf_m2ts_demux_del"
},
"id": "CVE-2024-57184-3489d10e",
"signature_type": "Function",
"digest": {
"function_hash": "180039532483426121619801958246582003594",
"length": 2095.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/mpegts.c",
"function": "gf_m2ts_get_adaptation_field"
},
"id": "CVE-2024-57184-57185872",
"signature_type": "Function",
"digest": {
"function_hash": "110553909648997816319781855132051754685",
"length": 4388.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/mpegts.c",
"function": "gf_m2ts_process_pat"
},
"id": "CVE-2024-57184-5a4e0330",
"signature_type": "Function",
"digest": {
"function_hash": "158826145281828042582258932152234723370",
"length": 2137.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/mpegts.c",
"function": "gf_m2ts_process_pmt"
},
"id": "CVE-2024-57184-68917eeb",
"signature_type": "Function",
"digest": {
"function_hash": "160650652517842896022163221044207719562",
"length": 12957.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "applications/mp4box/main.c",
"function": "mp4boxMain"
},
"id": "CVE-2024-57184-6dc093e4",
"signature_type": "Function",
"digest": {
"function_hash": "283270996306476393876214736821991690193",
"length": 53273.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/mpegts.c",
"function": "gf_m2ts_reframe_mpeg_video"
},
"id": "CVE-2024-57184-8965df0e",
"signature_type": "Function",
"digest": {
"function_hash": "292415745383921450766174574624130007639",
"length": 1999.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "gf_mp3_get_next_header_mem"
},
"id": "CVE-2024-57184-992957e3",
"signature_type": "Function",
"digest": {
"function_hash": "280379205579045700597035513552795448465",
"length": 1003.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/mpegts.c",
"function": "gf_m2ts_section_complete"
},
"id": "CVE-2024-57184-a2d8bdb0",
"signature_type": "Function",
"digest": {
"function_hash": "152747667381894918479047168528434163801",
"length": 6613.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/av_parsers.c"
},
"id": "CVE-2024-57184-a4945fb9",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"190158671671625243414591564420307614887",
"117889428069973424003276404328852496421",
"225696714652218117502207525037287910312",
"104092498708241250721249041105698664383"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/isomedia/isom_write.c",
"function": "gf_isom_new_mpeg4_description"
},
"id": "CVE-2024-57184-a9f906df",
"signature_type": "Function",
"digest": {
"function_hash": "154474446897750830253462805338440976271",
"length": 987.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/isomedia/isom_write.c"
},
"id": "CVE-2024-57184-c09f4324",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"255645473099564956598546073874040577871",
"105059811658078635044347151374338058283",
"315245057240905541808445726412781412860",
"59206108003543468572067658191349193712",
"49262330707685635449416300113340537147"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/mpegts.c",
"function": "gf_m2ts_pes_header"
},
"id": "CVE-2024-57184-d3e08327",
"signature_type": "Function",
"digest": {
"function_hash": "263522201649715193512357314048577735051",
"length": 1287.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/odf/odf_code.c"
},
"id": "CVE-2024-57184-e7e942ab",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"233555553547748079518251295332126428804",
"233320010904768881464476481878425652671",
"191093796998333402101200209749085644073",
"159168320278433694209316875400918579021",
"7146164353436058246094727431145469483",
"289606309378441791880344086972240867735",
"257498891637826873270524902048006605258",
"223449348764947881838148764492956196235"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/media_tools/mpegts.c"
},
"id": "CVE-2024-57184-f135eb13",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"314151966595974561366148358061210981857",
"310943886852940165738680195998187100185",
"161265028163986242821099669706499319968",
"266609775963388190298994679687607220553",
"70492844613735905944064195415024551700",
"72925196837817785262911455871693332116",
"3333983184150570614231987409404563738",
"297199415174362606352771082399168924593",
"127064506595615773499236347926580347600",
"78569537489912384064818377251501250913",
"18450412433443245538182443034085877489",
"47234168541560354494898216264611076601",
"108985505237347333799304759588138701606",
"245671892664926975603404674764120809232",
"93907762560853748613284591357311080369",
"211464930120725103066140763137828793748",
"257022177564321926839343161281285874317",
"187323892497721098193350031139701317305",
"211858484541018173177232802526980496739",
"127082700476439525079209641184017286260",
"207595500258306630795491177285430388995",
"168454730404892075106994848327984530845",
"218188416243712931651921349981765039546",
"119373215220266814155862783695884915755",
"74052400548209328731711756175786501918",
"119730882731057139552713333680099632794",
"266016201252775468633491569535813497184",
"63000146090874992851417898116936339580",
"113317852001645032477968268686908535838",
"312003032799094112922801301182157311821",
"326354901076355971873288704935948688613",
"19924341711483973471876240021155504678",
"43728446928011602045002302582941866376",
"211209783633356644266377190063189510007",
"26625414007268669380281060674663768502",
"212018372378049822348852397801866290775",
"98155178234896187172567094502305688584",
"229122881178563849373052745601739436785",
"113359577646284054713557054054035753449",
"166402859978215576839697980564133201602",
"217972002802524071126746769538830367945",
"58396819470224084037287297529846936948",
"253591750081865864924061231507480291176",
"187312614709061748114757109887046104322",
"223938328503353462867327098050396137230",
"229569335724303047278722204601823220334",
"225246042900715182497321222159328815726",
"97210065370098158333257353080179614504",
"252104149107802057122394103593504634044",
"317196726504677505527883035845946949050",
"317115750280702552796415020543278407990",
"238780724378965894394446267741184178213",
"72734907594396137672613055680474202288",
"202972081764351327802986511114449630737",
"116503063541181432362663409243189980610",
"37312102513848841531587800322709678347",
"107730220799135238152532029834121092533",
"31794532484850939514757996360684657504",
"37375231683822265134606901847529779397",
"85622638563348469393500256713083172957",
"67370821526098988450755233631823663626",
"240631804555240451842890633454648658600",
"32982486088803618325346264503483052175",
"203581590381330725659643980622370901602",
"26474390563869351973523899735274801275",
"247931793445382452109740253630732743691",
"143473210975978939542436227292163065865",
"110373803346656416955257835554183869064",
"244158909220927486445490508396881294803",
"265147401089949882638393063931419992317",
"21506092549905763193159073738517381720",
"29553713582354736413226004466626485820",
"185873386596273317367644744329031272674",
"245129173415648111384771565775138186764",
"201152589758377086475944314303889722788",
"235733155212897949369853215540913567803"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"target": {
"file": "src/odf/odf_code.c",
"function": "gf_odf_read_iod"
},
"id": "CVE-2024-57184-f3a4e474",
"signature_type": "Function",
"digest": {
"function_hash": "209161400580859266801915008400375079718",
"length": 1074.0
},
"deprecated": false,
"signature_version": "v1"
}
]